Secunia Security Advisory - SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

Secunia Security Advisory - SUSE has issued an update for MozillaThunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and compromise a user's system.

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Ubuntu Security Notice 1641-1 - Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. It was discovered that Keystone did not properly implement token expiration. A remote attacker could use this to continue to access an account that is disabled or has a changed password. This issue was previously fixed as CVE-2012-3426 but was reintroduced in Ubuntu 12.10. Various other issues were also addressed.

This Metasploit module checks the AlwaysInstallElevated registry keys which dictate if .MSI files should be installed with elevated privileges (NT AUTHORITY\SYSTEM). The default MSI file is data/exploits/exec_payload.msi with the WiX source file under external/source/exploits/exec_payload_msi/exec_payload.wxs. This MSI simply executes payload.exe within the same folder. The MSI may not execute successfully on successive runs, but it may be possible to get around this by regenerating the MSI. The MSI can be rebuilt from the source using the WiX tool with the following commands: candle exec_payload.wxs, then light exec_payload.wixobj.

This Metasploit module exploits a buffer overflow in Apple QuickTime 7.7.2. The stack-based overflow occurs when processing a malformed Content-Type header. The module has been tested successfully on Safari 5.1.7 and 5.0.7 on Windows XP SP3.

This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside an eval() call. Additionally, the base64-encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).

Hi guys, I recently installed BackTrack, and when I was doing an airodump-ng to scan networks nothing comes up; on my phone there are like 5 APs. There has to be something wrong with the driver or something. How can I install it?

I type

airmon-ng start wlan0

Found 4 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

Hi guys, I'm currently installing Backtrack r3 using VirtualBox.
The problem is I'm stuck in the middle of the installation, where the partition size of my device (8gb) is not enough for the (11.3gb) installation.
Is there any way to increase the partition size? Or is this the limit of my device?
Thanks.

I was curious if it is possible to dual boot Windows 8 and Backtrack5r3 on a Lenovo IdeaPad Yoga?

I have read about this new Intel security feature (UEFI, Unified Extensible Firmware Interface) that might not allow this.

My second question would be: if it is possible to configure a dual boot, is there a way to install backtrack5r3 to an SDXC card and then be able to boot from it?
I also read that the new Lenovos are compatible with SDXC.

This arm cuff is a sensor package which logs data whenever you’re wearing it. It records accelerometer data, skin temperature, and galvanic skin response. That data can then be analyzed to arrive at figures like calories burned. But… The company behind the device seems to have included a way to keep the cash flowing. Once [...]

Spring reverb is something we’re used to hearing about when it comes to guitar amplifiers. It’s a coil spring stretched the length of the amp’s housing. One end is fed the guitar signal, with a pickup at the other to capture the output. But this spring reverb is on a much grander scale. [Jochem van Grieken] strung up [...]

[Ronen K.] wrote in to tell us about the MOD playing Stellaris Launchpad project he recently completed. A MOD is a sound file for the computers of days long gone. But you’ll certainly recognize the sound of the 8-bit goodness that is coming out of this device. To understand how a MOD file stores samples [...]

Given the required user interaction and privileged local system account and other operational dependencies, by what
means did you estimate a "high" risk? I guess the basic question would be "how do you even classify this as a risk"
in the first place. Do you have some system of calculating risk or is it just a "gut feeling" type classification?

[Florian Amrhein] made use of some old hardware to build his own internet radio in a 1930's radio case. The original hardware is a tube-amplified radio which he picked up on eBay. There’s tons of room in there once he removed the original electronics and that’s a good thing because he crammed a lot of [...]

[Max Ogden] wanted the option to add sensors to his Parrot AR Drone. This is a commercially available quadcopter which runs Linux. This makes it rather easy for him to use Node.js to read the sensors from an Arduino board. The use of the Arduino is merely for easy prototyping. It is only needed to bridge the drone’s [...]

Located in Kitchener, Ontario, Kwartzlab is a 3000 square foot hackerspace. In 2009, the group was founded and set up their space in a former box factory. We dropped by the space on one of their Tuesday Open Nights to take a tour. Join us after the break for a quick walk through of Kwartzlab. [...]

As of rsync 3, rsync reused the -e option to pass protocol information
from the client to the server. We therefore cannot reject all -e
options to rsync, only ones not sent with --server or containing
something other than protocol information as an argument.

Also scan the rsync command line for any --rsh option and reject it...

I've installed Backtrack 5r3 onto a VM and I'm trying to get NoMachine NX set up for remote administration; however, I'm having a lot of trouble!

SSH is set up and working; however, I can't get NX to connect. The main issue I'm having is around the user authentication: as far as I can tell I can't use the root account to log in via NX. Some sites advise that configuring the server.cfg file should allow me to log in as root; however, this didn't work.

I created a new user account, non-root, and confirmed this was in the NX users db; however, I'm still getting authentication failures.

Does anyone have a guide/tutorial on how to set up NX on Backtrack 5, or could anyone help me out? It is my first post ;)

Seriously, nothing says ‘Look at me!’ like these headphones. [Yardley Dobon] added a rainbow of colored electroluminescent wire to his headphones and made them pulse to the music. The video after the break shows the headphones bumping to the tunes. This is one of two versions of the project, the other runs the EL wire [...]

Today I released rssh-2.3.4, which fixes an old issue, and a new
issue:

This was CVE-2012-3478, for which I had originally only posted a patch
to the rssh mailing list. It is now fixed in the new release.

The new issue is CVE-2012-2252, which involves improper filtering of
the rsync command line, when rsync support is configured. This may be
somewhat of a non-issue for recent stock rssh installations, as
stock rssh does not support...

I installed backtrack 5 r3 32 gnome iso to my usb flash drive on my laptop (which is 32 bit system with win7 os) with the unetbootin exe. I went into bios and changed the boot settings to boot from usb. When it restarts it takes me to the unetbootin screen where it has the options (default/backtrack text/ backtrack no drm etc). I choose default and it just restarts and takes me back to the unetbootin screen.

I never had this problem with back track 3. Backtrack 3 just loads up fine. What am I doing wrong?

Debian Linux Security Advisory 2578-1 - James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution.

So I have an issue, in which I setup a reverse ssh connection on a virtual backtrack instance, which connects to a relay server of mine. As a result of this I can ssh into my relay server and then ssh into the virtual backtrack instance and have shell access...keep in mind this is working all over port 80 from the virtual machine side to the relay server with a public ip...logically it looks like this :

My issue is...I need a way to leverage this reverse ssh connection and perform a remote desktop over port 80 .....or make another reverse ssh connection over port 80 with a remote desktop application...I mainly need this because I need to run tools like nessus and need to access the GUI of the virtual backtrack instance so that I can use the browser to run nessus....any suggestions would be greatly appreciated!!! Please help!

Building a MIDI device is always a great microcontroller project, and nearly everyone has an old toy keyboard lying around in the back of a closet or in the basement. [JenShen] decided to take one of these toy keyboards and build a MIDI keyboard. The keyboard [JenShen] used was a simple Casio keyboard with built-in [...]

Assuming it works as the original poster described (I don't have the
hardware to check, but similar issues have been found on the firmware of
various other home routers), then why not? Yes, it does require
authentication, so you might want to call it "authenticated remote command
execution", but you still get arbitrary commands executed through CSRF.
There are some rather aggravating details about this happening on a device
such as...

The qualifying stage of the PHDays CTF international information security contest starts in December.

The teams will try their hands at security assessment, vulnerabilities detection and exploitation as well as fulfilling
reverse engineering tasks. The conditions of PHDays CTF Quals, as opposed to many other competitions of the kind, are
brought as close to real life as possible: all the vulnerabilities are not fictional, but indeed occur on...

"I can also confirm that this attack works on iPhone, iPad and Mac's
default mail client."

Of course, it works anywhere where arbitrary client-side code can be
executed... IMAHO, the issue here is not your iphone loading images,
there are millions of attack vectors to trigger this attack... The
problem is the CSRF weaknesses of your router admin panel that should
be fixed by synchronizing a secret token or by using any...

This unique electronic instrument combines a chopped up guitar and a hacked apart glockenspiel with an Arduino. [Aaron]’s Glockentar consists of guitar hardware and glockenspiel keys mounted to a wood body. Solenoids placed above the keys actuate metal rods to play a note. Under the hood, an Arduino connects the pieces. The conductive pick closes a circuit, which [...]

should work through a random string, just as most providers already do.
There is absolutely no reason to pass the username/password from a
URL, especially when in plain text as in these cases.
Since there is no loss of features (there are safer, saner, sensible
alternatives), I think this is better considered a bug, since it is never
actually needed in the first place.

Also, with the random token system, I think it is best to still require the...

Okay, so I've tried searching for this problem. Basically what happens is that when I try to boot Backtrack off my USB to install it, as soon as it starts loading with all the text scrolling up, my screen gets all messed up and I can't view my screen (this is just as it is loading; I don't even get to type "startx" before it messes up)! But I know that it's still running in the background. I had the same problem with Ubuntu, by the way, but because Ubuntu has a fallback mode I was able to install the proprietary drivers and then I was able to boot it normally. But I don't see that fallback mode option here! How do I fix it?!?

However, my opinion is that it should be fixed once and for all in iOS/Webkit (and the other
browsers) by disabling resources loaded with credentials.

At some point, as a protection against phishing, URLs with the format
scheme://username:password@hostname/ were disabled.
When you enter something like that in the browser bar, it doesn't work in most browsers.

Hi, I want to buy an awus036h wifi adapter. I have read some reviews saying that the problem with this adapter is that you can't connect to n networks because the awus036h is only b/g. I know this is not true (am I wrong?) because 802.11n should be backward compatible with b/g, but this leads me to another doubt. I can connect to n networks (even if at lower rates), but can I inject packets (i.e. send a deauth packet) to a station that is connected to an n-AP using the n protocol?
If this can't be done, maybe I should buy the awus036nh even if reviews (and posts on this forum) about this adapter are not so good.

The first thing you have to do is to log out or close the Xorg server and then:
Code:
# Download the nVidia GTX660M driver (or go to the nVidia website and download the driver you need or a newer version of the driver)
wget uk.download.nvidia.com/XFree86/Linux-x86_64/310.19/NVIDIA-Linux-x86_64-310.19.run
# Make the installation file executable
chmod +x NVIDIA-Linux-x86_64-310.19.run
# Start the installation
./NVIDIA-Linux-x86_64-310.19.run
And just follow the instructions on screen to finish the installation...then just reboot and everything will work!

3. Wireless NIC (Network Internet Controller)

As you probably already noticed, you can't find the model/version/producer of the wireless controller anywhere (in the online specs), and at the first boot after installation, if you run "ifconfig" or "iwconfig", you won't find any wireless adapter! Only in "lspci" is it shown, as "Network controller: Intel Corporation Device 0887 (rev c4)"! To work around this issue you have to do as follows:
Code:
# Download iwlwifi-2030-ucode-18.168.6.1.tgz
wget http://distfiles.exherbo.org/distfiles/iwlwifi-2030-ucode-18.168.6.1.tgz
# Extract the files from the archive
tar xvf iwlwifi-2030-ucode-18.168.6.1.tgz
# Go to the folder
cd iwlwifi-2030-ucode-18.168.6.1
# Move all the files into /lib/firmware
mv * /lib/firmware/
reboot
After the reboot, open a console and run "ifconfig" or "iwconfig" and your wireless NIC should appear on the list (notice the wlan0? That is my network controller wifi interface).

Sample Output :
Code:
wlan0 Link encap:Ethernet HWaddr xx:xx:xx:xx:xx:xx
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Next you will have to open Wicd Network Manager (default in Backtrack), go to Preferences and at the Wireless Interface add "wlan0" (or whatever other interface you have)! Reboot and now your wifi should work!
Now ... the Aircrack tools "work" after this, but at first glance:
- there is no channel hopping ... the channel is fixed on channel 1 even if you specify --cswitch (I will have to investigate further but I don't have the time now)
- I didn't test to see if injection and everything else works, but I will asap!

4. Illuminated keyboard doesn't work ... but I'm working on it! (I tried the asus-keyboard-backlight_0.1_src script but it didn't work)

I'll get back to this thread asap, and as I discover other problems/solutions I will post them here!